Spectre - CPU Vulnerability

Updates to occur when as new information becomes available.

Armor-Specific Notes

Armor client utilizes Trend DeepSecurity for antivirus. We advise that Windows systems wait until the latest version of the DeepSecurity patch is installed for maximum effectiveness. Linux systems can patch at any time.

Weekend Updates

IMPORTANT: Those with encryption software installed on their system should check with the encryption vendor to ensure compatibility before installing any operating system patches, or significant data loss and/or downtime can occur.

Overview

The announcement of critical flaws in processors produced by major CPU manufacturers sent shockwaves through the industry this week. Researchers have now confirmed there are three variants of CPU vulnerabilities named Meltdown (variant 3) and Spectre (variant 1&2). The vulnerabilities could potentially allow threat actors to access sensitive data in protected memory by bypassing critical security controls.

The Spectre vulnerability is present in numerous variants of Intel, AMD and ARM processors. This in turn affects systems running on the affected processors. Spectre was discovered by Project Zero and independent researcher Paul Kocher. While the Meltdown flaw involves using speculative execution to perform rogue data cache loading, Spectre revolves around bypassing bounds checks and branch target injection.

Microsoft released patches yesterday to plug Meltdown and protect against certain use-cases of Spectre for many supported Operating Systems, but other Windows systems will need to wait until Patch Tuesday.

Since Spectre represents a class of attacks rather than a single type of attack, one or two patches can’t protect against all use-cases. While work is being done to protect against known use-cases of the vulnerability, even the original website devoted to Spectre and Meltdown clarified that: “As [Spectre] is not easy to fix, it will haunt us for a long time”.

Below information is specific to Spectre, see the Meltdown FAQ for information related to Meltdown

Meltdown breaks the mechanism that prevents an application from accessing system memory. As a result, applications can access protected memory. Spectre tricks applications into accessing arbitrary locations in their memory.

The vulnerabilities could potentially allow threat actors to access sensitive data such as passwords and credit card information that is stored in memory.

There have not been any POCs tested against antivirus products to provide definitively on whether any protection will be offered.

There are no known exploitsbeing used in the wild at this time, but at least one proof of concept has been released.

Almost all processors are affected by this vulnerability across multiple platforms including desktops, laptops, servers and mobile devices. Per Apple, the Apple Watch is not susceptible to Spectre vulnerabilities.

At this point, it appears that any Operating System running on top of the affected CPUs is affected by this vulnerability.

Implementing vendor patches will likely have an impact on the performance of your systems, though the performance hit will vary based on the operating system and work load of each system.

AMD has stated that one of the two variants does not affect their processors, and patches to mitigate the other Spectre vulnerability should not affect system performance.

Many antivirus programs are preventing the installation of the patch. If you experience problems installing updates to your Operating System, check with your antivirus vendor for instructions.

Intel revealed that they are close to having fixes for the majority of their affected processors released in the past 5 years, making those PCs and servers “immune” from both Spectre and Meltdown vulnerabilities.

As Intel has not released any information on the impending update, performance impact is not known at this time.

All of the OS patches for Spectre are simply mitigations that make the vulnerabilities more difficult to exploit. Firmware patches for the affected processors are a better solution. Ultimately, processor manufacturers will need to update the architecture standard to eliminate the vulnerability.

Reference CVEs:

CVE-2017-5715: Branch target injection (Spectre)

CVE-2017-5753: Bounds check bypass (Spectre)

We will be monitoring the issue, and will release updates as they are available.

Be wary of vendors claiming to address security risks associated with this newly announced vulnerability. Until Intel and the operating system developers release further details, we cannot know for sure what mitigating controls could be used to reduce or eliminate the risk.

ADDITIONAL LINKS

Patching Status Matrix See the latest available patches for your operation system(s). This matrix will continue to be updated as patches become available.

Armor exists to protect. Each employee feels our passion, knows the vision and lives the company values. Diversity is key. Every role is important to Armor’s success. We volunteer our best every day and go to any length to ensure our customers are protected.